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Abstract 

This paper investigates under which conditions informa- 
tion can be reliably shared and consensus can be solved 
in unknown and anonymous message-passing networks that 
suffer from crash-failures. We provide algorithms to emulate 
registers and solve consensus under different synchrony 
assumptions. For this, we introduce a novel pseudo leader- 
election approach which allows a leader-based consensus 
implementation without breaking symmetry. 

1. Introduction 

Most of the algorithms for distributed systems consider 
that the number of processes in the system is known and 
every process has a distinct ID. However, in some networks 
such as in wireless sensors networks, this is not necessarily 
true. Additionally, such networks are typically not totally 
synchronous and processes may suffer from failures such as 
crashes. 

Designing protocols for such networks is especially in- 
tricate, since a process can never know if its messages 
have been received by all processes in the system. In this 
paper, we investigate under which conditions information 
can be reliably shared and consensus can be solved in such 
environments. 

Typically, in systems where no hardware registers are 
available, one makes additional assumptions to be able 
to reliably share information, e.g. by assuming a correct 
majority of processes. However, these techniques assume 
also some knowledge about the total number of processes. 
With processes with distinct identities, the requirements 
to emulate a register have been precisely determined by 
showing that the quorum failure detector E is the weakest 
failure detector to simulate registers in asynchronous mes- 
sage passing systems 15|. But again, this approach fails due 
to the lack of identities in our anonymous environment. 

To circumvent these problems, we assume that the system 
is not totally asynchronous, but assume the existence of 
some partial synchrony. We specify our environments by us- 
ing the general round-based algorithm framework (GIRAF) 
of ifTTI . This has two advantages: (i) it is easy to precisely 
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specify an environment and (ii) it makes it easy to emulate 
environments to show minimality results. 

We first define the moving source environment (MS) in 
which at every time at least one process (called the source) 
sends timely messages to all other processes, but this source 
may change over time and infinitely often. Although this 
environment is considerably weaker than a total synchronous 
environment, we show that it is still sufficient to implement 
registers, although it is not possible to implement the con- 
sensus abstraction. In fact, it can be emulated by hardware 
registers in totally asynchronous "known" networks for 
any number of process crashes. Therefore, if we would 
be able to implement consensus in this environment, we 
could contradict the famous FLP impossibility result fT\. 
This result states, that consensus cannot be implemented in 
asynchronous message passing networks, even if only one 
process may crash. Since we can emulate registers if only 
one process may crash [2|, we can also emulate the MS 
environment and therefore cannot be more powerful. 

To implement consensus, we consider some additional 
stronger synchrony assumptions. Our first consensus algo- 
rithm assumes that additionally to the assumptions of the MS 
environment, eventually all processes communicate timely. 
We call this environment the eventual synchronous (ES) 
environment. It resembles Dwork et al. 16|. In our second 
consensus algorithm, we consider a weaker environment and 
only assume that eventually always the same process is able 
to send timely to all other processes. We call it the eventual 
stable source environment (ESS). It resembles the model of 
[l] in which it is used to elect a leader, a classical approach 
to implement in turn consensus. 

Due to the indistinguishability of several processes that 
behave identical, a true leader election is not possible 
in our anonymous environment. Therefore, in our second 
algorithm, we take benefit of the fact that it suffices for the 
implementation of consensus if all processes that consider 
itself as a leader behave the same way. We show how to 
eventually guarantee this using the history of the processes 
proposal values. 

Furthermore, we consider the weak-set data-structure [4 |. 
This data-structure comes along some problems that arise 
with registers in unknown and anonymous networks. Every 
process can add values to a weak-set and read the values 
written before. Contrary to a register, it allows for sharing 
information without knowing identities of other processes 



and without the risk of an overwritten value due to a concur- 
rent write. Furthermore, we show that it precisely captures 
the power of the MS environment, i.e. we can show that it 
can be implemented in the MS environment and a weak-set 
can be used to emulate the MS ennvironment. Interestingly, 
in known networks, a weak-set is equivalent to the register 
abstraction and can thus be seen as a generalization for 
unknown and anonymous networks. 

Furthermore, we show that although it is possible to 
emulate registers in our MS environment, it is not possible to 
emulate E fS), the weakest failure detector for registers. And 
this result is not only due to the anonymity of the processes, 
it holds even if the number of processes and their identities 
are known. Note that this is not a contradiction, since the 
result in [5| means only that S is the weakest of all failure 
detectors with which a register can be implemented and we 
have exhibited synchrony assumptions where the existence 
of a failure detector is not necessary at all. 

1.1. Related work 

There have been several approaches to solve fault-tolerant 
consensus in anonymous networks deterministically. In ||4], 
fault-tolerant consensus is solved under the assumption that 
failure detector il |3| exists, i.e. exactly one correct process 
eventually knows forever that it is the leader. In |j9J, fault- 
tolerant and obstruction-fre^H consensus is solved if registers 
are available. 

There has also been some research on systems where IDs 
are known but the number of processes is not. In |8|, it 
is assumed that processes may crash, but furthermore that 
it is possible to detect the participants initially. In |12], a 
leader election algorithm for a system where infinitely many 
processes may join the system is presented if the number of 
processes simultaneously up is bounded. 

To the best of our knowledge, this paper presents com- 
pletely new approaches to emulate registers and solve the 
consensus problem in unknown and anonymous environ- 
ments with partial synchrony. 

2. Model and Definitions 

We assume a network with an unknown (but finite) num- 
ber of processes where the processes have no IDs (i.e. they 
are totally anonymous) and communicate using a broadcast 
primitive. The set of processes is denoted 11. We assume 
that the broadcast primitive is reliable, although it may not 
always deliver messages on time. Furthermore, any number 
of processes may crash and the processes do not recover 
Processes that do not crash are called correct. 

1. For obstruction-free consensus, termination is only guaranteed if 
a process can take enough steps witliout beeing interrupted by other 
processes. 



We model an algorithm A as a set of deterministic 
automata, one for every process in the system. We assume 
only fair runs, i.e. every correct process executes infinitely 
many steps. 

2.1. Consensus 

In the consensus problem, the processes try to decide on 
one of some proposed values. Three properties have to be 
satisfied: 

Validity: Every decided value has to be a proposed 
value. 

Termination: Eventually, every correct process decides. 
Agreement: No two processes decide different values. 

2.2. An extension to GIRAF 

Algorithm [T] presents an extension to the generic round- 
based algorithm framework of IJ IJ (GIRAF). It is extended 
to deal with the particularities of our model, namely the 
anonymity and unknown number of the processes. The 
framework is modeled as an I/O automaton. To implement 
a specific algorithm, the framework is instantiated with two 
functions: initialize{) and computeQ. The compute{) func- 
tion takes the round number and the messages received so far 
as parameters. We omit to specify a failure detector output 
as parameter (as in [11]), because we are not interested 
in failure detectors here. Both functions are non-blocking, 
i.e. they are not allowed to wait for any other event. 

Our extension lies in the way we model the received 
messages. Since the processes have no IDs, we represent 
the messages that are received during one round as a set 
instead of an array. 

The communication between the processes proceeds in 
rounds and the advancement of the rounds is controlled by 
the environment via the receivei and end-of-round^ input ac- 
tions. These actions may occur separately at each process pi 
and therefore rounds are not necessarily synchronized among 
processes. The framework can capture any asynchronous 
message passing algorithm (see lilli ). 

Environments are specified using round-based properties, 
restricting the message arrivals in each round. 

2.3. Environments 

We say that a process pi is in round k, if there have been k 
invocations of end-of-round^. A process pi has a timely link 
in round k, if end-of-round^ occurs in round k and every 
correct process pj receives the round k message of pi in 
round k. 

In this paper, we consider three different environments: 
• In the first one, which we call the moving-source (MS) 
environment, we assume that in every round k, there 



Algorithm 1: Extended GIRAF generic algorithm for 
process pi. 

1 

2 
3 



States: 

h G N, initially 0; 

Mi\H] C Messages, initially Vfe G N : Mi[k] 

4 Actions and Transitions: 

5 input end-of-roimd- 

6 if (fc, = 0) tiien 

7 I m := initialize {); 
else 

|_ m := compute{ki, Mi); 

10 Mi[ki + 1]:= Mi[ki + l]u{m}; 

11 ki := fci + 1; 
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output send{ {Mi[ki],ki))i; 
input receive{{M, k))i 
|_ M4fc] — M4fc] UM; 



exists a process (a source) that has a timely link in 
round k. 

m In the second environment, which we call the eventual 
synchronous (ES) environment, we demand the same 
as in the MS environment, but additionally require that 
there is some round k such that in every round k' > k, 
all correct processes have timely links in round k'. 

m In the third environment, which we call the eventually 
stable source (ESS) environment, we demand the same 
as in the MS environment, but additionally require that 
eventually the source process ps is always the same in 
every round. This means, that there is some round k 
such that in every round k' > k, the same process ps 
has a timely link in round k'. 



3. Implementing consensus in ES 



Algorithm 2: A consensus algorithm in ES for process 
1 on initialization do 



VAL := initial value; 

WRITTEN ~ WRITTENOLD := PROPOSED ■ — 

return proposed; 



5 on compute{ki, Mi) do 
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WRITTEN : 



n 



PROPOSED ~ (UmeM [fc ] ^) U PROPOSED; 

if (ki mod 2 = 0) tlien' 

if (proposed = writtenOld = {val}) tlien 
I decide val; lialt 
else if (written / 0) tlien 
|_ VAL := max( written); 

proposed — {val}; 

writtenOld := written; 
return proposed; 



Algorithm |2] implements consensus in the ES environ- 
ment. The idea of the algorithm is to ensure safety by waiting 
until a value is contained in every message received in a 
round. In this way, one can ensure that a value has also 
been relayed by the current source and is therefore known 
by everybody (we say that the value is written). If a process 
evaluates Line 9 to true, then VAL is known by everybody 
(because it was written in the last round) and no other 
process will consider another value as written, because only 
a value which has also been relayed by a source can be in 
WRITTEN. But the relayed value of a source would also be 
in PROPOSED at every process. 

To guarantee the liveness of the consensus algorithm, 
we use the fact that eventually, all proposal values in the 
system are received in every even round by everybody 
and everybody will select the same maximum in Line 12. 
Therefore, everybody will propose the same value in the 
next round and the algorithm will terminate. 

3.1. Analysis 

For all local variables VAR, we denote by VAR^ the local 
variable of process pi (e.g., PROPOSED,). For every variable 
VARi, VAR,^' is the value of this variable after process pi 
has executed Line 7 when compute has been invoked with 
parameter k (i.e. in round k). 

Lemma 1. If no process has decided yet and for some pi, 
V G WRITTEN^, then every process pj that enters round k 
has V e PROPOSED*^. 

Proof If a process pi has a value v in WRITTEN*^, 
then V has been contained in every message, which pi has 
received in round k (Line 6). This includes the message 
of the source, since by assumption the source has not yet 
terminated. But by definition, every other process pj that 
enters round k also has received the message of this source 
in this round and added it to its set PROPOSED^ (Line 7). 



Therefore, v is in PROPOSED^'. 



□ 



Lemma 2. If no process has decided yet and pi has v G 
writtenOld*^ in an even round k, then every other process 
Pj that enters round k has v G WRITTEN*^. 

Proof If a process pi has a value v in WRITTENOLD j , 
then it has had v in WRITTEN*^"^. Therefore, every other 
process pj that enters round fc — 1 has v in PROPOSED*^^^ 
in the same odd round fc — 1 (Lemma [7]). Since no value 
is removed from a set PROPOSED in odd rounds, v will 
be contained in every set PROPOSED broadcast at the end 
of round fc — 1 and therefore get into WRITTEN^ at every 
process pj that enters round fc. □ 

Theorem 1. Algorithm |2] implements consensus in the ES 
environment. 

Proof: We have to prove the 3 properties of consensus. 
Validity is immediately clear, because VAL is always an 
initial value. 



To prove termination, assume that the system has stabi- 
lized, i.e. all faulty processes have crashed and all messages 
are received in the round after which they have been sent. 
Then, all processes receive the same set of messages in every 
round. Therefore, the set PROPOSED and thus WRITTEN is 
the same at all correct processes and everybody will always 
select the same maximum in Line 12. In the next round all 
processes start with the same proposal value and this value 
will be written in every future round. Thus, everybody will 
evaluate Line 9 to true in the next round. 

To prove agreement, assume pi is the first process that 
decides a value v in a round k. This means, that pi 
has evaluated Line 9 to true. If some other value than v 
would have been written anywhere in the system, this would 
contradict PROPOSED ~ {v} (Lemma [7]), since pi is the 
first process that decides. Furthermore, v is in WRITTEN at 
every process in the system in round k, since it is also in 
WRITTENOld (Lemma |2|. Therefore, every other process 
decides v in the same round, or it will evaluate Line 11 to 
true and select v as new VAL. Thus, no other value will ever 
get into PROPOSED anywhere in the system, no other value 
will ever be written and no other value will ever be selected 
as VAL. 

□ 

4. Implementing consensus in ESS 

Algorithm [3] implements consensus in the ESS environ- 
ment. For the safety part, the algorithm is very close to 
algorithm 12] (see Section O. 

To guarantee liveness, we use the fact that we have at 
least one process which is eventually a source forever. We 
use the idea of the construction of the leader failure detector 
n (|3|. It elects a leader among the processes which is 
eventually stable. In "known" networks, with some eventual 
synchrony, Q, can be implemented by counting heartbeats 
of processes (e.g. in ([T|). But we are not able to count 
heartbeats of different processes here, because in our model 
the processes have no IDs. To circumvent this problem, we 
identify processes with the history of their proposal values. If 
several processes have the same history, they either propose 
the same value, or their histories diverge and will never 
become identical again. Eventually, all processes will select 
the same history as maximal history and the processes with 
this history will propose in every round the same values. 

4.1. Implementation 

Every process maintains a Ust of the values it broadcasts 
in every round (specifically, its proposal values). This list is 
denoted by the variable HISTORY. In this way, two processes 
that propose in the same round different values will eventu- 
ally have different HISTORY variables. Note that, although 
the space required by the variables may be unbounded, in 



every round they require only finite space. Thus, if we 
could ensure that eventually all processes that propose have 
in every round the same history (and at least one process 
proposes infinitely often), then the proposal values sent 
are indistinguishable from the proposal values of a single 
"classical" leader 

However, the history of a process permanently grows. 
Therefore, every process includes its current history in every 
message it broadcasts. Furthermore, it maintains a counter 
C for every history it has yet heard of (in such a way that 
no memory is allocated for histories it has not yet heard 
of). Then, it compares the histories it receives with the ones 
it has received in previous rounds. If some old history is a 
prefix of a new history, it assigns the counter of the new 
history the value of the counter of the old one, increased by 
one. Thus, the counter of a history that corresponds to an 
eventual source is eventually increased in every round. 

In this way, it is possible to ensure that eventually only 
eventual sources that converge to the same infinite history 
consider itself as leader. In a classical approach, eventually 
only these leaders would propose values. But to meet our 
safety requirements, it is crucial to ensure that all processes 
propose in every round at least something to make sure that 
the value of the current source is received by everybody. 
Therefore, we let processes that do not consider itself as a 
leader propose the special value _L. 

4.2. Analysis 

Similarly to Section [3] for every variable VAR^, VArJ' is 
the value of this variable after process pi has executed Line 
9 in round k. 

Definition 1. We say, that pi has heard of pj's round k 
message (rrij), if pi has received m'j in round k, or if there 
exists another process pi such that pi has heard of pi 's round 
k' message for some k' > k and pi has heard of pj 's round 
k message. 

Let process ps be an eventual source. We then identify 
three groups of processes: 

out-connected: The processes, the eventual source ps has 
infinitely often heard of. 

o-silent: The processes that are not out-connected. 

o-proposer. The out-connected processes that have 
eventually in every round timely links to- 
wards all other out-connected processes]! 

leader. We say that a process pi is a leader 

in some round k (pi G leader{k)), iff 
Vh, Cf [history^] > C*^[h]. 
If process pi is eventually a leader for- 
ever, i.e. there exists a k, such that for 

2. Note that it is possible that the message an out-connected process 
actually has received is not the message that a o-proposer has sent. It is 
sufficient if it receives an identical message from another process. 



Algorithm 3: The consensus algorithm in ESS for 
process pi. 

1 on initialization do 

2 VAL := initial value; Vh, C[h] — 0; HISTORY := VAL; 

3 WRITTEN — WRITTENOLD := PROPOSED ~ 0; 

4 return m = (proposed, history, C); 

5 on compute{ki, Mi) do 
WRITTEN - HmeAU [fe.] "1-PROPOSED; 

proposed ■— ( IJ m. proposed) u proposed; 

mGM; [ki] 

Vh,C[h] — min^gMafei](m.C[H]); 
Vm e A/iffci], C[m. history] := 1 + 
max{ C[h] I H is a prefix of m. HISTORY}; 
if (ki mod 2 = 0) tiien 

if (writtenOld = {val}) a (proposed c 
{vAL, ±}) then 
I decide val; lialt; 
else if (written \ {_L} / 0) then 

|_ VAL := max(WRITTEN \ {-L}); 
if 

(Vh, C [history] > C[h])v(proposed c {val,±}) 
then 

I PROPOSED ■— {val}; 

else 

|_ proposed ■— {_l}; 

writtenOld := written; 
written — proposed; 
append VAL to HISTORY; 
return m = (proposed, history, C); 
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all k' > k. Pi E leader{k'), then we 
simply write that pi G leader. Note that 
it may be possible that there are several 
processes in leader. 
The sets relate to each other in the following way: 

{Ps } ^ o-proposer C out-connected C correct 
and o-silent n out-connected — 

We will later show that leader C o-proposer (Lemma |6]l. 

Lemma 3. Eventually, in every odd round k, for every 
o-proposer pi, the set PROPOSED in wJl is a subset of the 
set WRITTEN at all out-connected processes in round fc + 1. 
More formally: 

3k.yk' > k with k' mod 2 = 1, 
ypi G o-proposer^ \/pj g out-connected : 
(proposed, -, -) 



k'+l 



proposed c written 



Proof: Follows directly from the definition of o- 
proposers and the fact that out-connected processes even- 
tually do not receive any timely messages from o-silent 
processes. □ 



Lemma 4. Eventually, at all out-connected processes, the 
counters that correspond to histories of o-proposers increase 
in every round by one. More formally: 

3k,\fk' > k,\/pi £ o-proposer, \fpj £ out-connected, 



"^fHISTORYj" +^ 



] = Cj [HISTORyf ] + 1 



Proof: Assume a time when the system has stabilized. 
This means, that all o-proposers send timely messages 
to all out-connected processes in every round and no 
out-connected process receives timely messages from o-silent 
processes. Then, let k be the number of the current round 
and for every o-proposer pi let pj be an out-connected 
process, such that the counter C*^ [HISTORY*^] is minimal 
among all out-connected processes in round k. Then, the 
counter for pi 's history at pj will never decrease, because 
Pj will never receive a message with a lower counter from 
any other process. 

Since pi is a o-proposer, the counter for pi 's history 
will increase by one at pj in every round. For every other 
out-connected process, since it receives also a message from 
Pi in every round and it can only finitely often receive a 
lower counter corresponding to pi 's history ( the lowest one 
is Pj's), the counter of pi's history eventually increases in 
every round by one. □ 

Lemma 5. If a history of a process pj infinitely often 
corresponds to a maximal counter at a o-proposer pi, then 
Pj is a leader forever More formally: 

ypi e o-proposer, \/pj G 11 : 
(Vfc,3fc' > k,\/h, (Cf [history)-'] > Cf[h])) 
Pj G leader 

Proof: We first show that pj G o-proposer. Assume 
that it is not. Since pi G o-proposer, eventually the counter 
that corresponds to pi 's history is increased by one at every 
out-connected process ( Lemma Since pj ^ o-proposer, 
some out-connected process pi does not receive mJj in round 
k for infinitely many rounds k. Therefore, the counter at 
pi that corresponds to pj 's history is not increased by one 
in these rounds and is eventually strictly lower than the 
one that corresponds to Pi 's history. Since every time some 
out-connected process has a lower counter than the others, 
eventually this counter propagates to all other out-connected 
processes, Pi 's history will eventually be higher than pj 's at 
all out-connected processes. A contradiction. 

If Pi and Pj are both o-proposers, then eventually they 
receive their messages timely in every round k. Since pj 's 
history increases at all out-connected processes by one 
(Lemma 13, eventually C*'[history*'] = C*'[history)']. 
Since by our assumption, in some future round k', pj 's 
history is maximal at pi and a counter can increase by 
at most one and the counters that correspond to pj's 



history increase always by one (Lemma^, C^[HISTORYj^] 
is maximal forever and therefore pj is a leader forever □ 

Lemma 6. Eventually, there exists a process pi e leader 
and every leader is a o-proposer. More formally: 

3k, 3p^ e n, Vfc' > A: : e leader{k') (1) 
and \lpi G 11 : {\fk,3k' , k' > k,pi G leader{k')) 

^ Pi £ o-proposer (2) 

Proof: The eventual source pa is a o-proposer. There- 
fore, there exists at least one o-proposer. Either ps is also 
a leader forever, or there is another process whose history 
infinitely often corresponds to a higher counter at ps than 
Ps 's history. Then, with Lemma \5\ this process is a leader 
forever This implies ([7]). 

Assume a process pi is not a o-proposer. Then, pi 's 
counter is increased by less than one in infinitely many 
rounds at some processes. Because eventually these counters 
propagate to all out-connected processes and the values of 
o-proposers are increased in every round by at least one 
(Lemma eventually the history of some o-proposer is 
higher than that of pi. Therefore, pi cannot be a leader 
forever This implies 

□ 

Lemma 7. If no process has decided yet, then eventually 
only values of leaders and _L get into a set WRITTEN 
anywhere. More formally: 

3k,yk' >k,yp,eii: 

WRITTEN^' C Up^^i,ader{k')^ALf U {_L} 

Proof: There is a time after which there exists at least 
one leader and all leaders are o-proposers (Lemma^ and 
since leaders propose their values always, all their values 
get into every set WRITTEN at all out-connected processes 
in every even round (Lemma\3}. 

Therefore, every set PROPOSED contains a value of a 
leader ( compare Lemma Q} and no process that considers 
itself not as leader and has a value different from a leader 
will evaluate line 15 to true and add a different value to its 
set PROPOSED. □ 

Theorem 2. Algorithm |5] implements consensus in ESS. 

Proof: We have to prove the 3 properties of consensus. 
Validity is clear, since VAL is always an initial value. 

To prove termination, assume there exists a run where no 
process ever decides. Then, eventually only non-1, values 
of leaders will get into a set WRITTEN anywhere (Lemma 
[TP and they will get into WRITTEN always in every even 
round (Lemma\3\ and all out-connected processes select the 
same value (the maximum in Line 14). Therefore, only this 
value and _L will be written in subsequent rounds and every 
out-connected process will select this value as value for 
PROPOSED in Line 16 (i.e., no out-connected process will 



select 3-} and everybody will evaluate Line 11 to true in the 
next round. Therefore, eventually, every correct process will 
decide. 

To prove agreement, assume pi is the first process that 
decides a value v in a round k. This means, that pi has 
evaluated Line 11 to true. Then, as PROPOSED C {v, _L}, no 
other value different from _L is in a set WRITTEN anywhere 
in the system ( compare Lemma [7} and v is in WRITTEN at 
every process in the system in round k, since it is also in 
WRITTENOld ( compare Lemma \2}. Therefore, every other 
process decides v in the same round, or it will evaluate 
Line 13 to true and select v as new VAL and no other value 
different from 1. will ever get into PROPOSED anywhere in 
the system and therefore, no other value will ever be selected 
as VAL. 

□ 

5. Weak-Sets 

The weak-set data structure has been introduced by 
Delporte-Gallet and Fauconnier in [4]. 

A weak-set S" is a shared data structure that contains a 
set of values. It is defined by two operations: the adds{v) 
operation to add a value v to the set and the getg operation 
which returns a subset of the values contained in the weak- 
set. Note that we do not consider operations to remove values 
from the set. Every getg operation returns all values v where 
the corresponding adds{v) operation has completed before 
the beginning of the getg operation. Furthermore, no value v' 
where no adds{v') has started before the termination of the 
getg operation is returned. For adds operations concurrent 
with the getg operation, it may or may not return the values. 
Therefore, weak-sets are not necessarily linearizabl^ 

5.1. Weak-Sets and registers 

A weak-set is clearly stronger than a (regular) register: 

Proposition 1. A weak-set implements a (regular) multiple- 
writer multiple- reader register 

Proof: To write a value, every process reads the weak- 
set and stores the content in a variable HISTORY. Then, 
every process adds the value to be written together with 
HISTORY to the weak-set. 

To read a value, a process reads the weak-set and returns 
the highest value among all values accompanied by a 
HISTORY with maximal length. 

This transformation satisfies the two properties of regu- 
lar registers, namely termination and validity. Termination 
follows directly from the termination property of weak-sets. 

If several processes write at the same time, two reads at 
two different processes may return different values, but after 

3. A weak object is linearizable (also called atomic) if all of its operations 
appear to take effect instantaneously HOJ . 



all writes have completed, the return value will be the same 
at all processes. To see that also validity holds, consider the 
value returned by a read. If there is no concurrent write, 
then the value returned is the last value written (i.e. the 
maximal value of all values concurrently written). 

□ 

In im, a weak-set is implemented using (atomic) registers 
in the following two cases: 

Proposition 2. If the set of processes using the weak set is 
known (i.e. the IDs and the quantity), then weak-sets can be 
implemented with single-writer multiple-reader registers. 

Proposition 3. If the set of possible values for the weak set 
is finite, then weak-sets can be implemented with multiple- 
writer multiple-reader registers. 

5.2. Weak-Sets and the MS environment 

Algorithm |4] shows how to implement a weak-set in the 
MS environment. Similarly to Section [3] for every variable 
VARi, VAR^ is the value of this variable after process pi has 
executed Line 15 in round k (i.e. after compute is called 
with parameter k). 

Algorithm 4: A weak-set algorithm in the MS environ- 
ment for process pi. 
1 on initialization do 



VAL := _L; PROPOSED ~ WRITTEN := 
BLOCK ~ false; 
return proposed; 



5 on get do 

6 |_ return proposed; 

7 on add(v) do 

8 PROPOSED ~ PROPOSED U {v}; 

9 VAL := v; 

10 BLOCK ~ true; 

11 wait until (block =/afae); 

12 return ack; 

13 on compute{ki, Mi) do 



14 
IS 
16 
17 



WRITTEN ~ n 



m6Mj [ki] 



PROPOSED 



(U 



mgA/i[fc'],l<fc'<fc, 



if (vAL G written) then block 
return proposed; 



m) U proposed; 
false; 



Lemma 8. If for some pi, v G WRITTEN*^, then every 



process pj that enters round k has v G PROPOSED*^. 
Proof: The proof is analogous to Lemma [7] 



□ 



Lemma 9. If some value is in WRITTEN at some process, 
then this value will be forever in PROPOSED at all processes. 

Proof: Since it is never a value removed from any set 
PROPOSED, this follows immediately from Lemma^ □ 

Theorem 3. Algorithm |4] implements a weak-set. 



Proof: We have to show that all operations terminate 
at all correct processes and that every get operation returns 
all values which have been added before. 

The only position where an operation may be blocked is in 
Line 11. But since eventually all messages will be received 
by all correct processes, every value will eventually be in 
every set PROPOSED and therefore eventually be in every 
set written. Thus, no correct process will block in Line 
11 forever 

To show that every get operation returns all values which 
have been added before, see that an add{v) operation only 
terminates if v is in WRITTEN at some process. Together 
with Lemma |9] this means that this value will be returned 
by every process in Line 6. 

□ 

5.3. Emulation of the MS environment with weak- 
sets 

Algorithm |5] emulates the MS environment using a weak- 
set S and the corresponding adds and getg methods. 

As a weak-set is implementable by only using registers 
(see Proposition|2|i and the FLP impossibility result |7| states 
that consensus is not implementable using only registers, this 
implies, that it is not possible to implement consensus in the 
MS environment (without any additional assumptions like in 
ES). 

Algorithm 5: Emulating the MS environment for process 
Pi using a weak-set S. 
1 on initialization do 



DELIVERED := 0; 
trigger end-of-round^; 



4 on send{mi,ki)i do 

5 adds{{mi,ki)); 

6 forall (m, k) e getg \ DELIVERED do 

7 DELIVERED := DELIVERED U {(m, fc)}; 
trigger receive{m,k)i; 

trigger end-of -round ^, 



Theorem 4. Algorithm \5\ emulates the MS environment. 

Proof: Clearly, eventually all messages get delivered 
and all correct processes execute an infinite number of 
rounds. 

It remains to show, that in every round k, there exists 
a process Sk such that for every process pi at which 
end-of-round^ occurs in round k, pi receives the round k 
message of Sk in round k. 

Let Pi be the first process that finishes to add the value 
of a round k. If several processes finish to add their values 
at exactly the same time, choose one. 

Claim: Every process at which end-of-round is triggered 
in round k has received pi 's round k value. 



The proof is by contradiction. Assume that a process pj 
triggers end- of- round in round k without having received 
Pi 's round k value. By the definition of a weak-set, this 
means that pj 's getg begun before pi 's adds completed. 
But a process will only start a getg after it has finished to 
add its own value. A contradiction to the fact that pi was 
the first process that has completed its adds. □ 

6. The MS-environment and the S failure de- 
tector 

The quorum failure detector E |5| outputs lists of IDs of 
trusted processes (i.e. it is not well-defined in our anonymous 
model) and it satisfies the following properties: 

Intersection: Given any two lists of trusted processes, 
possibly at different times and by different 
processes, at least one process belongs to 
both lists. 

Completeness: Eventually at all correct processes, every 
trusted process is correct. 

E has been shown to be the weakest failure detector to 
emulate registers in totally asynchronous message-passing 
systems 15] (with known IDs). This means, that E is 
sufficient to emulate registers in such systems and with 
any failure detector which is also sufficient to implement 
registers in such a system, it is possible to emulate E. 
Interestingly, although it is possible to implement a register 
in the MS environment (via weak-sets), we show that even 
if we assume that the number of processes and their IDs 
are known, it is not possible to emulate E. Note that this is 
no contradiction, since in our model no failure detector is 
necessary for the emulation. 

Proposition 4. It is not possible to emulate E in the MS- 
environment, even if the number of processes and their IDs 
are known. 

Proof: Assume there exists such an algorithm and con- 
sider a run ri where process pi is the only correct process, 
pi is always the source, and pi receives no messages from 
other processes. Then, by the completeness property of E, 
there exists some time t after which the output ofYi is {pi\. 

Similarly, consider a run r2 where process p2 is the 
only correct process and pi crashes after time t. Again, 
Pi is the source until time t and receives no messages from 
other processes ( this is possible, since the messages from 
P2 may be arbitrary delayed). For pi, run ri and r2 are 
indistinguishable up to time t and consequently the E at pi 
will output {pi} at pi at time t. But since eventually, the 
output at p2 has to be {P2} forever, this contradicts to the 
intersection property of E. 

□ 



7. Conclusions 

This paper has provided algorithms to emulate registers 
and solve consensus under different synchrony assumptions 
in unknown and anonymous message-passing networks that 
suffer from crash-failures. One of these algorithms uses a 
novel pseudo leader election primitive. 

Furthermore, we have shown that the MS environment 
(i.e. a system with a moving timely source) is equivalent 
to weak-sets, a generalization of registers for unknown and 
anonymous systems. In some sense, this indicates that the 
synchrony assumptions in this environment are necessary to 
implement basic safety primitives. 

Additionally, we have shown that in the MS environment, 
it is not possible to emulate E, the weakest failure detector 
to emulate registers fSj, even if we assume the existence 
of IDs and a bound on the number of processes. To the 
best of our knowledge, we found for the first time a 
partially synchronous environment in which registers are 
implementable and E is not. 
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